Details
-
Bug
-
Status: Open
-
Critical
-
Resolution: Unresolved
-
7.0.0
-
None
Description
InternalFileDecryptor::WipeOutDecryptionKeys() merely call std::string::clear to dispose of the decryption key contents, but that method is not guaranteed to clear memory (it probably doesn't, actually).
We should probably devise a portable wrapper function for the various OS-specific memory clearing utilities.